Recurly's SSL certificate error

[ChrisTaylorDeveloper]

As described in your README.md file I am encountering the following error:

Fatal error: Uncaught exception 'Recurly_ConnectionError' with message 'Could not verify Recurly's SSL certificate.'

I have tried 3 different hosts and I get the same error on each. I am happy to apply the manual work-around and specify the path to my .pem file manually

Recurly_Client::$CACertPath = '/what/is/my/path';

What is the path on an Ubuntu system please? Or, how do I find it?

Alternatively, how can I set my php and libcurl package up so this error will not be created.

Thank you

[bhelx]

I have tried 3 different hosts and I get the same error on each. I am happy to apply the manual work-around and specify the path to my .pem file manually

Recurly_Client::$CACertPath = '/what/is/my/path';

What is the path on an Ubuntu system please? Or, how do I find it?

Diagnosing and fixing these problems can be tricky. Do you have shell access to your Ubuntu system? Do you have root access?

Maybe try this path:

Recurly_Client::$CACertPath = '/etc/ssl/certs/ca-certificates.crt';

Do you have anything in /etc/ssl/certs?

If not (and the above didn't work) you might want to try downloading the updated curl version:

cd /etc/ssl/certs
sudo wget https://curl.haxx.se/ca/cacert.pem

^ You may need to remove s in the http(s) there if it fails. It's ironic really :/

Then point your path to /etc/ssl/certs/cacert.pem.

Alternatively, how can I set my php and libcurl package up so this error will not be created.

If I remember correctly, the problem has to do with how libcurl was compiled on the system. I believe if it does not find the machines trusted certs, it uses it's own bundled version. And the problem is that that bundled version is out of date. I think to fix it globally requires recompiling it and telling it where the system's trusted certs are. I'll have to go through my notes to be sure. If you are using a "hosted" environment you may not have the ability to do that.

[ChrisTaylorDeveloper]

Thank you for the suggestions. I am using Cloud9 IDE and have full access to my ubuntu system.

I do have ca-certificates.crt in the certs folder and tried that path. It didn't work. I also downloaded the cacert.pem as you suggested and this didn't work either.

My code is:

`date_default_timezone_set('Europe/Guernsey');

Recurly_Client::$CACertPath = '/etc/ssl/certs/cacert.pem';
Recurly_Client::$subdomain = 'my-clients-sub-domain.recurly.com';   // no https://
Recurly_Client::$apiKey = 'xxxx-real-key-here-xxxxxxxxxxxxxx';  

$accounts = Recurly_AccountList::getActive();    
var_dump( $accounts);`

Any other ideas please?

[bhelx]

I think you may be having a different problem, you are putting in a FQDN for subdomain. You want just the subdomain. Try changing to this:

Recurly_Client::$CACertPath = '/etc/ssl/certs/cacert.pem';
Recurly_Client::$subdomain = 'my-clients-sub-domain';   // just the subdomain name, not the fqdn
Recurly_Client::$apiKey = 'xxxx-real-key-here-xxxxxxxxxxxxxx';  

$accounts = Recurly_AccountList::getActive();    
var_dump( $accounts);`

[bhelx]

Also, when you said:

this didn't work either.

Did you mean you got the same error or a different error?

[ChrisTaylorDeveloper]

All working now. I just needed to use the sub-domain (without protocol). Many thanks.

[bhelx]

@CTaylorGuitar thanks for following up with your status. I'll think about adding something to the README for that section.